> On 05/10/2010 08:43 PM, Chris Bare wrote: > > Is there a way get have X509_verify_cert retry it's path building after it > > gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT? > > My idea is to implement a verify callback that uses the AIA information to > > download the issuer cert and add it to the stack of untrusted certs. > > Is this possible, or would I have to let X509_verify_cert error out and call > > it again? > > > > Trying to do path building during path validation > may end up in a never ending loop or almost. >
How else can I leverage the local path building code? What if I happen to have parts of the path already? The path validation will build the path until it fails and that shows me what to go out and download next. At least that's how I'm thinking of it, but I'm open to suggestions. -- Chris Bare ch...@bareflix.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org